ch 4. drivers and kernel-mode objects
DESCRIPTION
Ch 4. Drivers and Kernel-Mode Objects. Contents. Data Objects and Windows 2000 I/O Request Packets (IRPs) Objects of Kernel-Mode Summary. 1. Data Objects and Windows 2000. Data Objects and Windows 2000. Object-Oriented Programming 기반의 Win2K 객체 (Object) 단위 운영체제는 객체 (Object) 단위로 관리 - PowerPoint PPT PresentationTRANSCRIPT
ISLab Flash TeamISLab Flash Team
Ch 4. Drivers and Kernel-Mode Ch 4. Drivers and Kernel-Mode ObjectsObjects
Ch 4. Drivers and Kernel-Mode Objects 2
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
ContentsContents
1. Data Objects and Windows 20002. I/O Request Packets (IRPs)3. Objects of Kernel-Mode4. Summary
ISLab Flash TeamISLab Flash Team
1. Data Objects and Windows 20001. Data Objects and Windows 2000
Ch 4. Drivers and Kernel-Mode Objects 4
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Data Objects and Windows 2000Data Objects and Windows 2000
• Object-Oriented Programming 기반의 Win2K• 객체 (Object) 단위
– 운영체제는 객체 (Object) 단위로 관리– 캡슐화 , 은닉화 , 추상화 , 재사용성 , 신뢰성 , 견고함 제공
User mode
Kernel mode
Object manager
Handle
DeviceObject
DriverObject
ControllerObject
AdapterObject
InterruptObject
…
Figure 1.1 Object-Oriented Programming 기반의 Win2K
Ch 4. Drivers and Kernel-Mode Objects 5
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Windows 2000 Objects and Win32 Windows 2000 Objects and Win32 Objects Objects
• User-mode 객체 / 실제 OS 내부 객체– User-mode 객체 : 커널 객체를 Handle 로 간접적으로 참조– Kernel 객체 : External Name 을 가지지 않음 메모리 Pointer 를 직접 이용
Ch 4. Drivers and Kernel-Mode Objects 6
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Applications
I/O Manager
Hardware Abstraction Layer
Hardware
User mode
Kernel mode
Win32 API calls
System service interface
HAL calls
Platform-specific operations
Device Driver
Object
Execution
Kernel
Win32 Subsystem
IRP passed to driver dispatch routine
Figure 1.2 Win2K 의 계층적 시스템 구조
Handle
IRPIRP
IRP
IRP
The Layers of Win2K Operating SystemThe Layers of Win2K Operating System
ObjectManager
ISLab Flash TeamISLab Flash Team
2. I/O Request Packet (IRPs)2. I/O Request Packet (IRPs)
Ch 4. Drivers and Kernel-Mode Objects 8
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
I/O Request Packets (IRPs)I/O Request Packets (IRPs)
• Win2K 에서 패킷 구동 방식으로 I/O 요청을 처리• I/O 서브시스템의 설계목표 중 하나• IRP 는 I/O system 이 I/O 요청에서 필요한 정보를
저장하는 장소
Ch 4. Drivers and Kernel-Mode Objects 9
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Simplified Model of IRP ProcessingSimplified Model of IRP Processing
User Space
I/O Manager IRP
Driver Routine
Start I/O Entry
Interrupt Service Entry
DPC
DEVICE
Interrupt
Figure 2.1 IRP Processing Simple Model
I/O Request nonpaged 시스템 메모리
디바이스 동작
디바이스 동작 완료
DpcForIsrIRP 최종 상태 저장
Request 완료 후 , IRP 최종 상태 리턴
IRP 할당
IRP 전달
Ch 4. Drivers and Kernel-Mode Objects 10
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Layout of an IRPLayout of an IRP
• IRP Header• I/O Stack Locations
IRP
IoStatus
Stack
Header
IO_STATUS_BLOCK
Status
Information
IO_STACK_LOCATION
MajorFunction
MinorFunction
union { struct {…} Read; struct {…} Write; struct {…} DeviceControl} Parameters;
Figure 2.2 Structure of an IRP
Ch 4. Drivers and Kernel-Mode Objects 11
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
IRP HeaderIRP Header
IRP Header Fields
Field Description
IO_STATUS_BLOCK IoStatus I/O Operation 에 대한 마지막 상태 정보를 가지고 있다 .
PVOID AssociatedIrp.SystemBufferDevice 가 Buffered I/O 를 행할때에 사용되는 Buffer 를
포인팅 하고 있다 .
PMDL MdlAddressDirect I/O 가 행하여 질 때 사용되어지는 User-space 버퍼의 Memory Descriptor List 의 포인터를 가지고 있다 .
PVOID UserBuffer I/O Buffer 의 User-space 주소
BOOLEAN Cancel IRP 가 취소되었음을 알리기 위하여 사용됨
Table 2.1 Externally Visible Fields of an IRP Header
• IRP Header
Ch 4. Drivers and Kernel-Mode Objects 12
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
I/O Stack Locations(1)I/O Stack Locations(1)
• I/O Stack Locations
IO_STACK_LOCATION, *PIO_STACK_LOCATION
Filed Contents
UCHAR MajorFunction IRP_MJXXX 값이 할당되어 있다 .
UCHAR MinorFunction File System 이나 SCSI 드라이버에 의해서 사용되어진다 .
Union Paramenters MajorFunction Code 에 대한 Union 값들
struct Read
IRP_MJ_READ 에 대한 파라미터• ULONG Length• ULONG Key• LARGE_INTEGER ByteOffset
Table 2.2.1 Selected Contents of IRP Stack Location
Ch 4. Drivers and Kernel-Mode Objects 13
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
I/O Stack Locations(2)I/O Stack Locations(2)
• I/O Stack Locations
IO_STACK_LOCATION, *PIO_STACK_LOCATION
Filed Contents
struct Write
IRP_MJ_WRITE 에 대한 파라미터• ULONG Length• ULONG Key• LARGE_INTEGER ByteOffset
struct DeviceIOControl
IRP_MJ_DEVICE_CONTROL 대한 파라미터• ULONG OutputBufferLength• ULONG InputBufferLength• ULONG IoControlCode• PVOID Ttpe3InputBuffer
struct Others PVOID Argument1-Argument4
PDEVICE_OBJECT DeviceObject I/O Request 의 타켓 다바이스 객체
PFILE_OBJECT FileOnject 요청을 수행한 File Object
Table 2.2.2 Selected Contents of IRP Stack Location
Ch 4. Drivers and Kernel-Mode Objects 14
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Manipulating IRPsManipulating IRPs
• IRPs as a whole• IRP Stack Locations
Ch 4. Drivers and Kernel-Mode Objects 15
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
IRPs as a wholeIRPs as a whole
IRP Access Functions
Function Description Called by…
IoStartPacket IRP 를 Start I/O routine 으로 보냄 Dispatch
IoCompleteRequest 모든 처리가 끝났음을 나타낼 때 DpcForIsr
IoStartNextPacket 다음 IRP 를 Start I/O routine 으로 보냄 DpcForIsr
IoCallDriver IRP 다른 driver 로 보낼 때 Dispatch
IoAllocateIrp 추가의 IRP 를 요구할 때 Dispatch
IoFreeIrp 드라이버가 할당한 IRP 를 해제할 때 I/O Completion
• IRPs as a whole
Table 2.3 Functions that Work with the Whole IRP
Ch 4. Drivers and Kernel-Mode Objects 16
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
IRP Stack LocationsIRP Stack Locations
• IRP Stack Locations
IO_STACK_LOCATION Functions
Function Description Called by…
IoGetCurrentIrpStackLocation 호출자의 Stack 슬롯에 대한 포인터를 얻고자
할 때 (Various)
IoMarkIrpPending 호출자의 Stack 슬롯을 더 이상의 처리가 필요한
것으로 기록할 때 Dispatch
IoGetNextIrpStackLocation 다음 하위 드라이버의 Stack 슬롯에 대한
포인터를 얻고자 할 때 Dispatch
IoSetNextIrpStackLocation I/O Stack Pointer 를 한 단계 Push Dispatch
IoSetCompleteRoutine 다음 하위 드라이버의 I/O Stack 슬롯에 I/O 완료
루틴을 추가할 때Dispatch
Table 2.4 IO_STACK_LOCATION Access Functions
ISLab Flash TeamISLab Flash Team
3. Objects of Kernel-Mode3. Objects of Kernel-Mode
Ch 4. Drivers and Kernel-Mode Objects 18
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Driver ObjectsDriver Objects
• Driver Object : Driver 의 여러 함수들에 대한 포인터를 갖는 목록
• I/O Manager 는 Driver 의 함수들을 찾을 필요가 있을 때 특정 Device 와 관련되는 Driver Object 를 이용한다 .
Ch 4. Drivers and Kernel-Mode Objects 19
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
The Life of Driver ObjectsThe Life of Driver Objects
DriversDriverObject
DriversDrivers
I/O ManagerCall DriverEntry
Load Create object
DriverObjectI/O Manager
IRPDispatchRoutine DEVICE
동작
Figure 3.1 The life of deriver object
call(*)
Driver Object 의 역할
Ch 4. Drivers and Kernel-Mode Objects 20
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Layout of a Driver Object(1)Layout of a Driver Object(1)
Driver Object
DeviceObject
DriverStatIo
DriverUnload
MajorFunction[]
……..
Start I/ORoutine
UnloadRoutine
DispatchRoutine
DispatchRoutine
DeviceObject
DeviceObject
Figure 3.2 The driver object
Ch 4. Drivers and Kernel-Mode Objects 21
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Layout of a Driver Object(2)Layout of a Driver Object(2)
Driver Object Fields
Field Description
PDRIVER_STARTIO DriverStartIo Driver 의 Start I/O Routine 에 대한 주소
PDRIVER_UNLOAD DriverUnload Driver’s Unload Routine 에 대한 주소
PDRIVER_DISPATCH MajorFunction[]Driver’s Dispatch Routines 들의 테이블 , I/O 동작
코드에 의해 인덱스됨
PDEVICE_IOBJECT DeviceObject 이 Driver 에 의해 생성된 Device Object 들의
연결 리스트
Table 3.1 Externally Visible Fields of a Driver Object
Ch 4. Drivers and Kernel-Mode Objects 22
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Device Objects and Device ExtensionsDevice Objects and Device Extensions
• Device Object : 디바이스의 특성과 상태에 대한 정보를 유지
PhysicalDEVICE
VirtualDEVICE
HAL
Driver ObjectDriver Object
DeviceObject
Figure 4.1 The device object and driver object
Ch 4. Drivers and Kernel-Mode Objects 23
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
The Life of Device ObjectsThe Life of Device Objects
DeviceObject
I/O ManagerCall DriverEntry
Create object
Figure 4.2 The life of device objects
WDM DriverAddDevice
Plug and Play
DEVICE
DeviceObject
DriverObject
(*) (*)
DEVICE
HAL
I/O Manager
DispatchRoutine
I/O Request Packet
(a)
(b)
Ch 4. Drivers and Kernel-Mode Objects 24
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Layout of a Device Object(1)Layout of a Device Object(1)
Device Object
Next Device
Flags
DriverObject
CurrentIrp
DeviceExtension
Device Queue Object
DriverObject
PendingIRP
PendingIRP
CurrentIRP
DeviceExtension
Figure 4.3 The device object
Ch 4. Drivers and Kernel-Mode Objects 25
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Layout of a Device Object(2)Layout of a Device Object(2)
Device Object Fields
Field Description
PVOID DeviceExtension Device Extension 구조체에 대한 포인터
PDRIVER_OBJECT DriverObject Driver Object 를 위한 Device Object 의 포인터
ULONG FlagsDevice 의 Buffering Strategy 을 지정DO_BUFFERD_IODO_DIRECT_IO
PDEVICE_OBJECT NextDevice 이 Driver 에 속하는 다음 번 Device 에 대한 포인터
CCHAR StackSize 이 Device 에게 보낼 IRP 를 위해 필요한 I/O Stack
Location 의 최소 개수
ULONG AlignmentRequirement Buffer 를 위해 요구되는 Memory 정렬
Table 4.1 Externally Visible Fields of a Device Object
Ch 4. Drivers and Kernel-Mode Objects 26
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Manipulating Device ObjectsManipulating Device Objects
Device Object Access Functions
Function Description Called By…
IoCreateDevice Device Object 를 생성
DriverEntry orAddDevice
IoCreateSymbolicLink Win32 상에서 Device Object 가 보이게 만들 때
IoAttachDevice Device Object 에 필터를 덧붙일 때
IoAttachDeviceByPointer Device Object 에 필터를 덧붙일 때
IoGetDeviceObjectPointer Device Object 의 Pointer 를 얻고자 할 때
IoCallDriver 다른 Driver 로 IRP 요청을 보낼 때 Dispatch
IoDetachDevice 하위 Device 로 부터 Device Object 의 연결을 끊을 때
Unload orRemoveDevice
IoDeleteSymbolicLinkWin32 namespace 상에서 Device Object 를
삭제
IoDeleteDevice 시스템으로부터 Device Object 를 삭제
Table 4.2 Access Functions for a Device Object
Ch 4. Drivers and Kernel-Mode Objects 27
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Device ExtensionsDevice Extensions
typedef struct _DEVICE_EXTENSION { PDEVICE_OBJECT DeviceObject; : // other driver-specific declarations :} DEVICE_EXTENSION, *PDEVICE_EXTRENSION;
• Device Object 에 대한 Back Pointer• Device 의 상태나 Driver Context 정보• Interrupt Object 와 Interrupt 예상 플래그에 대한
Pointer• Controller Object 에 대한 포인터• Adapter Object 와 Mapping 레지스터들의 카운터에
대한 Pointer※ Device Extensions 은 Driver 전용이므로 , Extension 의 구조체는 Driver 의 헤더 파일 상에 정의
Table 4.3 Device Extension
Ch 4. Drivers and Kernel-Mode Objects 28
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Controller Objects and Controller Controller Objects and Controller ExtensionsExtensions
• Driver 가 하나 이상의 Device 들에 병렬적인 작업 수행에 있어서 공유된 레지스터 공간의 동기화 문제를 해결하기 위한 객체
• Controller Object 는 한번에 하나의 디바이스를 소유하는 Mutex를 유지해야 함 .
Driver Object1Driver Object1
DeviceObject1
ControllerObject
I/O Manager
소유권 요청
Driver Object2Driver Object2
DeviceObject2
Block
Figure 5.1 The outline of controller object
Ch 4. Drivers and Kernel-Mode Objects 29
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
The Life of Controller ObjectsThe Life of Controller Objects
ControllerObject소유권 요청 Block
DeviceObject
DeviceObject
Device Ext. Device Ext.
DriverEntry(or AddDevice)
DriverEntry(or AddDevice)
Start I/O
ControllerControl
Driver Object Driver Object
DpcForIsr
unload
Figure 5.2 The life of controller objects
Ch 4. Drivers and Kernel-Mode Objects 30
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Layout of a Controller ObjectLayout of a Controller Object
DeviceObject
Controller Object
ControllerExtension
ControllerExtension
DeviceExtension
DeviceObject
DeviceExtension
Figure 5.3 The controller object
Ch 4. Drivers and Kernel-Mode Objects 31
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Manipulating Controller ObjectsManipulating Controller Objects
Controller Object Access Functions
Function Description Call by…
IoCreateController Controller Object 를 생성 Driver Entry or AddDevice
IoAllocateController Controller 의 독점적 소유권을 요구 Start I/O
IoFreeController Controller 의 소유권을 해제 DpcForIsr
IoDeleteController 시스템으로부터 Controller Object 를 제거 Unload or Remove Device
Table 5.1 Access Functions fro a Controller Object
Ch 4. Drivers and Kernel-Mode Objects 32
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Controller ExtensionsController Extensions
typedef struct _CONTROLLER_EXTENSION { // back pointer PCONTROLLER_OBJECT ControllerObject : // other driver-specific declarations :} CONTROLLER_EXTENSION,
*PCONTEROLLER_EXTENSION;
• Interrupt 와 Adapter Object 의 객체에 대한 포인터※ Controller Extensions 은 Driver 전용이므로 , Extension 의 구조체는 Driver 의 헤더 파일 상에 정의
Table 5.2 Controller extension
Ch 4. Drivers and Kernel-Mode Objects 33
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Adapter ObjectsAdapter Objects
• I/O Manager 는 Adapter Object 를 이용하여 DMA 하드웨어에 대한 디바이스간의 분쟁을 막는다 .
• 만약 Device 가 Programmed I/O 만을 지원하면 Adapter Object 는 필요 없다 .
• Mapping 레지스터를 관리
Ch 4. Drivers and Kernel-Mode Objects 34
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
The Life of Adapter ObjectsThe Life of Adapter Objects
DMADEVICE
HAL
DMA Channel
Memory
Adapter Object
I/O Manager
DriverEntry(or AddDevice)
Device orControllerExtension
Address Mapping
Figure 6.1 The life of adapter object
Ch 4. Drivers and Kernel-Mode Objects 35
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Layout of an Adapter ObjectLayout of an Adapter Object
DeviceOr
Controller Extension
AdapterPtr
MapRegCount
AdpaterObject
Figure 6.2 The adapter object
Ch 4. Drivers and Kernel-Mode Objects 36
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Manipulating Adapter ObjectsManipulating Adapter Objects
Adapter Object Access Functions
Function Description Call by…
IoGetDmaAdapter Adapter Object 에 대한 포인터를 얻을 때 DriverEntry or AddDevice
AllocateAdpaterChannel DMA H/W 의 독점적 소유권을 요구 Start I/O
MapTransfer 데이터 전송을 위한 DMA H/W 를 설정 Adapter Control/DpcForIsr
FlushAdapterBuffers 데이터 일부 전송 이후에 데이터를 비움 DpcForIsr
FreeMapRegisters Map Registers 를 해제 DpcForIsr
FreeAdapterChannel Adapter Object 를 해제 DpcForIsr
Table 6.1 Access Functions fro a Adapter Object
Ch 4. Drivers and Kernel-Mode Objects 37
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Interrupt ObjectsInterrupt Objects
• Kernel Interrupt Dispatcher 에게 Interrupt 발생시 정확한 Service Routine 을 찾을 수 있는 방법을 제공
Kernel Interrupt
Dispatcher
Interrupt
InterruptObject
InterruptRoutine
Figure 7.1 The outline of interrupt object
Ch 4. Drivers and Kernel-Mode Objects 38
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
The Life of Interrupt ObjectsThe Life of Interrupt Objects
Kernel Interrupt
Dispatcher
Interrupt
InterruptObject
InterruptRoutine
DriverEntryor
AddDevice
Unloador
RemoveDevice
Figure 7.2 The life of interrupt object
Ch 4. Drivers and Kernel-Mode Objects 39
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Layout of an Interrupt ObjectLayout of an Interrupt Object
DeviceOr
Controller Extension
InterruptPtr
Interrupt Object Interrupt
ServiceRoutine
Figure 7.2 The Interrupt object
Ch 4. Drivers and Kernel-Mode Objects 40
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
Manipulating Interrupt ObjectsManipulating Interrupt Objects
Interrupt Object Access Functions
Function Description Called by…
HalGetInterruptVector 버스 관련 인터럽트 객체를 시스템 전역값으로
변경 DriverEntry
IoConnectInterruptInterrupt Service Routine 과 Interrupt
Object 를연관지음
DriverEntry or AddDevice
KeSynchronizeExecution 다른 IRQL 에서 실행중인 Driver Routine 을동기화 (Various)
IoDisconnectInterrupt Interrupt Object 를 삭제Unload or
RemoveDevice
Table 7.1 Access Functions fro a Interrupt Object
Ch 4. Drivers and Kernel-Mode Objects 41
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
종합적인 종합적인 DeviceDevice 의 의 I/O I/O 과정과정
Hardware Device
Hardware Abstraction Layer
DevObject
ControllerObject
AdapterObject
InterruptObject
DevExtension
ControllerExtension
Driver Object
Device Driver
I/O ManagerObject Manager
User-mode
Kernel-mode
Memory
Handle
HAL
I/ORequest
I/O Request Packet(IRPs)
DM
A
Ch
an
nel
Set orPnP
DriverEntry Start I/O
DriverEntryor
AddDevice
ISLab Flash TeamISLab Flash Team
4. Summary4. Summary
Ch 4. Drivers and Kernel-Mode Objects 43
ISLab Flash TeamISLab Flash Team
Made By ICEUNI
SummarySummary
• OOP 기반의 Win2K• Win2K 의 I/O 에서의 Packet(IRPs) 구동 방식• I/O Manager 는 Device 의 대부분의 일이 I/O 인 만큼
중요하다 .• I/O Manager 는 I/O 를 하기 위한 객체를 관리한다 .